Acceptance of Terms
The definition of “personal information” will differ depending upon applicable law. In Europe it will include all information that directly or indirectly relates to you, and includes “personal data” as defined by the General Data Protection Regulation (GDPR). Where GDPR or other EU privacy laws apply to you, this Privacy Statement details how you can exercise your rights.
Using Our Systems
How We Use Your Personal Information
We will generally only collect and use your personal information when it is needed to process donations or to comply with our legal obligations.
We set out below a table where we describe each of the ways in which we use your Personal Information, the types of Personal Information that we use and the legal basis that applies to that use. Where the legal basis is “legitimate interest” we also set out some further details.
|How we use your Personal Information||The types of Personal Information involved||Legal Basis||Legitimate Interest|
|To allow you to register and attend an event and to follow up with you after the event||Identity data, Contact details, marketing & communication data, travel data||Contract|
|For electronic marketing/prayer communication||Identity data; contact details (email, sms etc); marketing & communication data||Consent or Legitimate Interest where it follows something you have donated||When you engage with us (for example, financially), the law permits Seed Company to send you relevant email marketing|
|For physical communication and non-marketing/prayer electronic communication||Identity data; contact details (telephone number, mailing address, etc); marketing & communication data||Legitimate Interests||To keep you informed of our ministry; To send you ministry information and resources which we believe you will be interested in|
|To allow you to login and to access our Systems||Identity data; authentication data||Contract and Legitimate Interests||To ensure that your accounts on our Systems are kept safe and private|
|To apply as a staff member or participate as a volunteer||Identity data; contact details; application data||Contract|
|For advocacy and fundraising||Identity data; Financial data; financial transaction data; contact details; contact details; marketing & communication data||Legitimate Interest||To provide opportunities for you to partner with us through financial giving, communication or prayer|
|To process donations||Identity data; Financial data; financial transaction data; contact details; and tax status||Contract and Legitimate interests||To securely receive your donation toward our charitable aims|
|For statutory reporting||Identity data; contact details; tax status||Legal Obligations and Legitimate Interests||We may have obligations to report to the authorities in other countries|
|To improve our tools and improve your experience of our Systems, to maintain an audit trail of access to data, troubleshooting, data analysis, and system maintenance||Identity data; Historical transaction data; contact details; system data; audit logs; and location data; marketing & communication data; demographics||Legitimate Interests||To manage, protect, and improve our Systems; to ensure that our services run effectively and to track who is accessing your data|
|To respond to complaints and requests||Identity data; contact details; historical transaction data; application data||Legal obligation and Legitimate Interests||To ensure that your concerns are addressed|
How We Collect Personal Information
We obtain personal information about you through:
Direct Interactions - when you enquire about our activities, engage in an activity with us, make a donation, register through one of our sites or at an event, or otherwise give us your personal information. If you meet with us for discipleship or spiritual advice, we may take confidential notes for spiritual guidance and support. If you prefer that we do not take notes, please let us know. The information you disclose is entirely at your discretion.
Third parties [or other publicly available sources] - we may from time to time obtain personal information about you from third parties [and public sources] (e.g. US Census Data). We will only collect personal information from third parties if they have obtained that information in a legal and proper way.
Referral of Information by individuals - Your name and contact details may have been passed to us by someone you know, who indicated that you might be interested in hearing about our ministry, according to the chart in section 2.
Types of Personal Information That We Collect
We collect the following types of personal information:
- Application Data - employment history, qualifications and references (if applicable).
- Authentication Data - usernames and password used in our Systems.
- Contact Details - email address, postal address, and telephone number.
- Demographics - information that allows us to better understand who you are and the Bible Translation projects in which you are most interested.
- Financial Data - bank account and payment bank details.
- Financial Transaction Data - details about donations you have made.
- Historical Transaction Data - communication history, your past donations, applications and interactions with us.
- Identity Data - name, date of birth, gender, marital status.
- Location Data - physical location, including IP address, and lat/long coordinates and country of origin (where applicable).
- Marketing & Communication Data - preference in receiving marketing or communication from Global Family 24-7 Prayer.
- System Data - information about how you use our Systems.
- Tax Status - information for statutory reporting.
- Travel Data - including travel details, delegate information, dietary requirements, and accommodation preferences.
How/When We Disclose Personal Information
Generally, we will not disclose or share your personal information (including your email address) with anyone outside our organization without your permission. However we may need to use or share your information with our partners and agents who provide goods and services to you on our behalf. Your information may be disclosed:
- To other parts of our Organization;
- To public or regulatory authorities;
- To third party service providers, including:
- Cloud service providers for the hosting of apps and sites;
- Direct and email marketing service providers (eg. MailChimp); and
- Companies that assist us in processing your donations.
We take steps to safeguard your information and we have contractual provisions requiring all third party service providers to respect the security of your personal data and to treat it in accordance with our data protection policies and all applicable laws. We will not allow third party service providers to use your personal information for their own purposes and they will only be allowed to process your personal information in accordance with our instructions.
Accessing personal information. You can request details of your personal information we hold. We will confirm whether we are processing your personal information and provide additional details including what kind of information we have about you, where we collected it, how we use it (including the legal basis for our processing), how long we expect to keep it, details of any automated decision making or profiling and the safeguards regarding data transfers to non-EEA countries, subject to the limitations set out in applicable laws and regulations. If you ask us, we will provide you with a copy of your personal information. We may charge you a fee to cover our administrative costs or if the requests are manifestly unfounded or excessive.
Deletion of personal information. At your request, we will delete your personal information if any of the following conditions are met:
- It is no longer necessary for Global Family 24-7 Prayer to retain your personal information,
- You withdraw consent which formed the basis of your personal information processing,
- You have successfully objected to the processing of your personal information,
- Your personal information was processed unlawfully, or
- We are required to delete your personal information to comply with our legal obligations.
We will review requests on a case by case basis and we might not be able to comply with your request if we need to process your personal information:
- For exercising the right of freedom of expression and information,
- To comply with our legal obligations,
- To establish, exercise or defend a legal claim, or
- To perform a task in the public interest.
If this is the case, we will notify you of the reasons why your request was rejected.
Restriction of processing of personal information. You have the right to request us to limit the processing of your personal information if:
You dispute the accuracy of your personal information,
- Your personal information was processed unlawfully and you request a limitation on processing, rather than a deletion of your personal information,
- We no longer need to process your personal information, but you need your personal information in connection with a legal claim, or
- You object to the processing of your personal information based on our legitimate interests pending verification as to whether we have an overriding legitimate ground for such processing.
To the extent needed, we may still keep some of your data to ensure we comply with your request to limit processing, or for other legal purposes.
Objecting to certain types of processing including automated decision making. Where we process your personal information based upon our legitimate interests, you have the right to object to this processing on grounds relating to your particular situation if you feel it impacts on your fundamental rights and freedoms. Where we process your personal information based upon our legitimate interests and where decisions are made by automated processing which has a legal or other significant effect on you, you may also object to such automated decision making.
Portability of personal information. You can request us to send you your personal information in a structured, commonly used, machine-readable format so that it can easily be transferred and used by a third party if:
- You provided us with the personal information,
- The processing of your personal information is based on your consent or required for the performance of a contract, or
- The processing is carried out by automated means.
Withdrawing consent. We primarily rely on legitimate business interests to process your data, but to the extent we use consent to process your data, you have the right to withdraw any consent you may have given us at any time. We will comply with your request promptly. If you withdraw your consent, we might not be able to provide some of our products and services to you. At any point, you have the right to object to processing of your personal information for direct marketing purposes and we will promptly comply with your request.
Filing a complaint with a data protection authority. We will try to resolve any problems that you have but you are always able to contact your local data protection authority for assistance or to make a complaint.
International Transfer of Your Personal Information
We are an international organisation and we might need to transfer your personal information to other countries. If you are in the European Economic Area (EEA), please be aware that we may need to transfer your data to countries outside the EEA to process it. We will only transfer your personal information outside the EEA with adequate safeguards in place and in full compliance with applicable laws. For example, we will only transfer your personal information to countries that have been deemed to provide an adequate level of protection. We have established standard contractual clauses with our service providers to ensure they protect your information and to enforce legal transfers of data internationally.
We have put in place appropriate security measures to protect your personal information from being accidentally lost, misused or accessed in an unauthorised way, altered or disclosed. These include technical, administrative and physical security measures to ensure that any information we collect is stored and processed securely.
For example, for Systems that require personal or sensitive data to be collected or displayed, a Secured Socket Layer (SSL) connection is required, to ensure that the data is encrypted as it is transferred to the browser. All credit card payments are processed using PCI compliant technology, to ensure that your credit card number is securely passed to the merchant/service provider. We do not store your credit card details.
We have procedures to deal with any suspected personal data breach and we will promptly notify you and any applicable regulator of a breach in accordance with our legal obligations.
We cannot guarantee that the security measures we implement in connection with the operation of the site will absolutely prevent others from accessing or acquiring any information that you provide while using the site. You can help us protect your personal information by properly protecting your password and remembering to sign out of your account and close your browser window when you finish visiting our site, especially if you are on a shared or public computer.
Most website browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. If you choose to decline cookies, you may not be able to fully experience certain interactive features of the site or access all of the services provided through the site.
How Long We Keep Your Personal Information
We keep your information as long as it is needed to achieve our purposes listed above, as well as for the amount of time necessary to meet any legal, tax, or reporting requirements.
We do not keep your personal information for longer than necessary and up to 7 years after your last interaction with us (e.g. making a donation or using one of our Systems). We may keep your data for longer than 7 years if we cannot delete it for legal or technical reasons. We may also keep it for statistical purposes. However, if we do, we will ensure that your privacy continues to be protected and only use it for these purposes.
We do not collect personal information from children under the age of 13 beyond what is necessary for them to participate in our online or other activities. If we discover that we have accidentally collected personal information from a child below the age of 13, we will delete it from our records as soon as reasonably possible.
If a child under the age of 16 attempts to register with one of our Systems, purchase products or materials, or participate in an activity requiring the submittal of personally identifiable information, a parent or guardian must give permission and consent for that child to provide information and register. The only personal information we collect from a child is information that is necessary for the child to participate in activities, such as an address for making a purchase. Parents have the right to request at any time that the information collected about their child is removed from our Systems.
Your California Privacy Rights
Under California's “Shine the Light” law, California residents who provide personal information in obtaining products or services for personal, family or household use are entitled to request and obtain from us once a calendar year information about the customer information we shared, if any, with other businesses for their own direct marketing uses. If applicable, this information would include the categories of customer information and the names and addresses of those businesses with which we shared customer information for the immediately prior calendar year (e.g. requests made in 2018 will receive information regarding 2017 sharing activities). Please be aware that not all information sharing is covered by the “Shine the Light” requirements.